Posts Tagged ‘security’

Keep Your Password Secure!

Posted by VectorDefector

One of the biggest issues in the online marketing business is hacking. Hacking can come in the form of a computer virus, “spam” or tricky junk mail, “phishing” or even trickier junk mail that tricks you into giving away personal information, and plain old data theft.

In our experience, the number one way people get hacked is by simply having a bad password. There are a number of tools available to hackers that can make it very easy to “guess” a password. Once someone obtains your password, they may have access to any of your online data including private personal information and financial records.

Your best defense against hacking starts at the front line: having a secure password.

Here are a few quick tips on making sure your password is difficult to hack:

  • Make sure it has at least 12 characters. We know, the longer your password is, the harder it is to remember. We’ll give you some tips later for creating secure passwords that are also memorable.
  • Include a mix of numbers, letters and symbols. The more kinds of characters your password uses, the more combinations hackers and hacking programs have to iterate through to make a guess.
  • Make it more complex than a dictionary word (or words). A simple password like “house” or even “red house” isn’t going to cut it these days. Even simple substitutions like “r3d hou$e” can be easy enough for modern programs to crack.
  • Use a password generator. A website like www.strongpasswordgenerator.com will create a secure password for you, and it also gives you phonetic memorization ideas (ex: “remember: alpha charlie echo three”).

The hardest passwords to guess can also be the easiest to memorize. Passwords built from equations or phrases maximize the length of your password and give you a way to remember it:

  • Try using 6 words or more to create a “pass phrase”.
    Example: “Indiana Jones flies midnight frost wheat”. Phrasing is often easier to remember than a random combination of characters.
  • Try a combination of symbols and a pass phrase.
    Example: “!indina j0ne$ f7ies m!dnight 7rost w#eat”. The more complex your substitution gets, the harder the phrase is to guess.
  • Use a combination of all three to create a secure, easy-to-remember equation.
    Example: “Yay$Fun==#FamVAca”. This we’d remember as “yay fun money is for hashtag family vacation”. It’s personal but contains no private information that could be guessed, like a birth date or your child’s name.
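To put numbers on the tips and pass-phrase advice above, here is an added example (not from the original post) that compares a naive per-character estimate of the search space with one that first undoes simple substitutions and checks a word list. The word list, the substitution table and the 7,776-word pool size are assumptions made for illustration.

```python
import math
import string

# Constructed sample data: a tiny stand-in for a cracking dictionary, and the
# look-alike substitutions that guessing tools undo automatically.
WORDLIST = {"red", "house", "indiana", "jones", "flies", "midnight", "frost", "wheat"}
LEET = str.maketrans({"3": "e", "$": "s", "0": "o", "1": "l", "!": "i", "@": "a"})
WORD_POOL = 7776  # assumption: each word is picked at random from a 7,776-word list

POOLS = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
         string.punctuation + " "]


def charset_size(password):
    """Size of the character pool the password draws from (95 if all four kinds)."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def brute_force_bits(password):
    """Search space in bits if every character had been chosen at random."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def dictionary_words(password):
    """Dictionary words still recognisable after undoing simple substitutions."""
    tokens = password.lower().translate(LEET).split()
    return [t for t in tokens if t in WORDLIST]


def estimate_bits(password):
    """Word-based estimate when every token is a dictionary word, else per-character."""
    tokens = password.split()
    if tokens and len(dictionary_words(password)) == len(tokens):
        return len(tokens) * math.log2(WORD_POOL)
    return brute_force_bits(password)


if __name__ == "__main__":
    # The first three are the article's examples; the last is a constructed random password.
    for pw in ["house", "r3d hou$e", "Indiana Jones flies midnight frost wheat",
               "k7#Qv2!mZp9$"]:
        print(f"{pw!r:45} naive={brute_force_bits(pw):5.1f}  estimate={estimate_bits(pw):5.1f}")
```

“r3d hou$e” looks like about 55 bits when counted character by character but drops to about 26 bits once it is recognised as two dictionary words, while the six-word phrase reaches about 78 bits only if its words really were chosen at random.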

Try to use different password phrases for every site you create an account for. The more different, unique passwords you can have the better. At the minimum, have different passwords/pass phrases for social and sharing sites than you use for your important information like banking and work documents.

Unfortunately, due to the increase in hacking software and the raw computing power available, a memorable password is still susceptible to hacking. To ensure total security, use completely random passwords created by the password generator site above and use a different one for every login you have. To keep track of them, you can use software called “password managers”. PCMag.com recently posted a list of top free password managers in an article on their website, along with some that have more secure subscription services.

To conclude, keep your passwords secure and update them often!

In the long run, coming up with something that’s just a little bit more difficult to remember, or becoming more secure by using a password manager, will save you a lot of headache, strife, and possibly lost data.

Hackers Exploit Open-X Vulnerabilities

Posted by VectorDefector

An article posted today on Yahoo! Tech News details some recent hacks of popular websites running the open-source ad server system OpenX. Among the affected were King Features (a popular comics site), Ain’t it Cool News and Adobe.

The two-pronged hack uses two techniques that are common in releasing viruses these days: a “SQL injection” attack on the OpenX ad server, which essentially forces an entry into the ad database, followed by an “iFrame” attack, which loads a new page within the same window in your browser, enabling the hacker to fire a number of different pieces of code from the new “framed” page.

An iFrame attack can be avoided by using any decent anti-virus software to block the source; however, a “SQL injection” is another matter. I’ve recommended that any of my clients using the OpenX software upgrade to the latest version and attempt to hide any publicly available database config info.

Speaking as a person who’s used a SQL Injection technique in a non-malicious way (as part of a plugin), the best route is to always make sure you keep your password hidden and up-to-date.